The present systems and methods provide for secured communication between a mobile device and a server/gateway. The systems and methods can be used, for example, as a way to confirm whether or not a transaction was actually authorized by the user, thereby settling a chargeback dispute for a previously executed transaction. The method comprises receiving the dispute regarding the transaction including associated transaction data, and retrieving a digital signature associated with the transaction data, the digital signature computed by signing the transaction data. The digital signature is then verified using a public key, wherein the public key corresponds to a private key stored on a mobile device. It is then determined whether or not the transaction is fraudulent based on a verification result of the digital signature.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for secured communication between a mobile device and a server, the mobile device having stored thereon a mobile device ID, the method performed on the mobile device comprising: the mobile device capturing biometric data comprising at least one of fingerprint data, iris data, retina data, and voice data; the mobile device deriving a supplemental ID from the biometric data, the supplemental ID for verifying a payment ID; the mobile device sending the supplemental ID and the mobile device ID to the server, the server configured to act as a payment gateway, the server having stored thereon the payment ID and the mobile device ID in association with each other; and the mobile device receiving from the server a confirmation that a transaction is complete, the confirmation generated at the server based on a verification of a combination of the supplemental ID and the payment ID.
2. The method of claim 1 wherein the supplemental ID comprises encoded data derived from a fingerprint captured by a fingerprint scanner of the mobile device.
3. The method of claim 1 wherein the supplemental ID comprises an image of a fingerprint captured by a fingerprint scanner of the mobile device.
4. The method of claim 1 wherein deriving the supplemental ID comprises receiving the biometric data, obtaining a cryptographic hash using the biometric data, locally verifying the cryptographic hash on the mobile device, and at least one of using the cryptographic hash as the supplemental ID and using the cryptographic hash to derive the supplemental ID.
5. A non-transitory computer readable medium for enabling secured communication between a mobile device and a server, the mobile device having stored thereon a mobile device ID, the computer readable medium comprising computer executable instructions for execution on the mobile device, the computer executable instructions comprising: the mobile device capturing biometric data comprising at least one of fingerprint data, iris data, retina data, and voice data; the mobile device deriving a supplemental ID from the biometric data, the supplemental ID for verifying a payment ID; the mobile device sending the supplemental ID and the mobile device ID to the server, the server configured to act as a payment gateway, the server having stored thereon the payment ID and the mobile device ID in association with each other; and the mobile device receiving from the server a confirmation that a transaction is complete, the confirmation generated at the server based on a verification of a combination of the supplemental ID and the payment ID.
6. The non-transitory computer readable medium of claim 5 wherein the supplemental ID comprises encoded data derived from a fingerprint captured by a fingerprint scanner of the mobile device.
7. The non-transitory computer readable medium of claim 5 wherein the supplemental ID comprises an image of a fingerprint captured by a fingerprint scanner of the mobile device.
8. The non-transitory computer readable medium of claim 5 wherein deriving the supplemental ID comprises receiving the biometric data, obtaining a cryptographic hash using the biometric data, locally verifying the cryptographic hash on the mobile device, and at least one of using the cryptographic hash as the supplemental ID and using the cryptographic hash to derive the supplemental ID.
9. A method for secured communication between a mobile device and a server, the mobile device having stored thereon a mobile device ID, the method performed on the mobile device comprising: the mobile device capturing , through a transaction GUI, biometric data comprising at least one of fingerprint data, iris data, retina data, and voice data; the mobile device deriving a supplemental ID from the biometric data, the supplemental ID for verifying a payment ID; the mobile device sending the supplemental ID and the mobile device ID to the server, the server configured to act as a payment gateway, the server having stored thereon the payment ID and the mobile device ID in association with each other; and the mobile device receiving from the server a confirmation that a transaction is complete, the confirmation generated at the server based on a verification of a combination of the supplemental ID and the payment ID.
10. The method of claim 9 wherein the mobile device sends at least one of the supplemental ID and the payment ID without storing the supplemental ID and the payment ID on the mobile device.
11. The method of claim 9 further comprising a registration process for storing the mobile device ID on the mobile device, the method further comprising: the mobile device receiving from a registration GUI at least the payment ID of a payment account and the supplemental ID, and transmitting the payment ID and the supplemental ID to the server without storing the payment ID and the supplemental ID on the mobile device; the mobile device receiving from the server a confirmation that the payment ID and the supplemental ID are successfully verified; and, the mobile device obtaining data for generating the mobile device ID, the mobile device ID stored on the mobile device.
12. The method of claim 11 wherein the mobile device obtains the data for the mobile device ID by at least one of generating and receiving the data.
13. The method of claim 9 wherein the payment ID is comprised of at least one of: a credit card number, an expiry date, a bank card number, a banking number, and a points account number.
14. The method of claim 9 wherein the mobile device ID includes at least one of: subscriber identity information stored on a SIM card or IMEI of the mobile device, networking information, an IP address, a phone carrier identification, a port address, a DNS name, a GPS coordinate of the mobile device, the battery temperature of the mobile device, a geographical location of the mobile device, an accelerometer reading of the mobile device, a cookie, a user agent, and a header, wherein the cookie, the user agent and the header are provided by a browser on the mobile device or a DOM storage on the mobile device.
15. The method of claim 9 wherein the mobile device ID is randomly generated.
16. The method of claim 9 wherein the mobile device ID is replaced by a new mobile device ID and is associated with the payment ID for each subsequent execution of the transaction process.
17. The method of claim 9 wherein the supplemental ID comprises encoded data derived from a fingerprint captured by a fingerprint scanner of the mobile device.
18. The method of claim 9 wherein the supplemental ID comprises an image of a fingerprint captured by a fingerprint scanner of the mobile device.
19. The method of claim 9 wherein deriving the supplemental ID comprises receiving the biometric data, obtaining a cryptographic hash using the biometric data, locally verifying the cryptographic hash on the mobile device, and at least one of using the cryptographic hash as the supplemental ID and using the cryptographic hash to derive the supplemental ID.
20. A non-transitory computer readable medium for enabling secured communication between a mobile device and a server, the mobile device having stored thereon a mobile device ID, the computer readable medium comprising computer executable instructions for execution on the mobile device, the computer executable instructions comprising: the mobile device capturing through a transaction GUI, biometric data comprising at least one of fingerprint data, retina data, and voice data; the mobile device deriving a supplemental ID from the biometric data, the supplemental ID for verifying a payment ID; the mobile device sending the supplemental ID and the mobile device ID to the server, the server configured to act as a payment gateway, the server having stored thereon the payment ID and the mobile device ID in association with each other; and the mobile device receiving from the server a confirmation that a transaction is complete, the confirmation generated at the server based on a verification of a combination of the supplemental ID and the payment ID.
21. The non-transitory computer readable medium of claim 20 wherein the mobile device sends at least one of the supplemental ID and the payment ID without storing the supplemental ID and the payment ID on the mobile device.
22. The non-transitory computer readable medium of claim 20 wherein the instructions further comprise a registration process for storing the mobile device ID on the mobile device, the instructions further comprising: the mobile device receiving from a registration GUI at least the payment ID of a payment account and the supplemental ID, and transmitting the payment ID and the supplemental ID to the server without storing the payment ID and the supplemental ID on the mobile device; the mobile device receiving from the server a confirmation that the payment ID and the supplemental ID are successfully verified; and, the mobile device obtaining data for generating the mobile device ID, the mobile device ID stored on the mobile device.
23. The non-transitory computer readable medium of claim 22 wherein the mobile device obtains the data for the mobile device ID by at least one of generating and receiving the data.
24. The non-transitory computer readable medium of claim 20 wherein the payment ID is comprised of at least one of: a credit card number, an expiry date, a bank card number, a banking number, and a points account number.
25. The non-transitory computer readable medium of claim 20 wherein the mobile device ID includes at least one of: subscriber identity information stored on a SIM card or IMEI of the mobile device, networking information, an IP address, a phone carrier identification, a port address, a DNS name, a GPS coordinate of the mobile device, the battery temperature of the mobile device, a geographical location of the mobile device, an accelerometer reading of the mobile device, a cookie, a user agent, and a header, wherein the cookie, the user agent and the header are provided by a browser on the mobile device or a DOM storage on the mobile device.
26. The non-transitory computer readable medium of claim 20 wherein the mobile device ID is randomly generated.
27. The non-transitory computer readable medium of claim 20 wherein the mobile device ID is replaced by a new mobile device ID and is associated with the payment ID for each subsequent execution of the transaction process.
28. The non-transitory computer readable medium of claim 20 wherein the supplemental ID comprises encoded data derived from a fingerprint captured by a fingerprint scanner of the mobile device.
29. The non-transitory computer readable medium of claim 20 wherein the supplemental ID comprises an image of a fingerprint captured by a fingerprint scanner of the mobile device.
30. The non-transitory computer readable medium of claim 20 wherein deriving the supplemental ID comprises receiving the biometric data, obtaining a cryptographic hash using the biometric data, locally verifying the cryptographic hash on the mobile device, and at least one of using the cryptographic hash as the supplemental ID and using the cryptographic hash to derive the supplemental ID.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
February 26, 2016
July 23, 2019
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.